Recent FAQ Changes

❓ FAQ 1215 New 2008-02-24T00:00:00+00:00

What is the PCI DSS Self-Assessment Questionnaire?

The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers who are permitted by the payment brands to self-evaluate their compliance with …

❓ FAQ 1173 New 2008-02-24T00:00:00+00:00

Who is qualified to perform PA-DSS assessments?

Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance to PA-DSS. A list of PA-QSAs is available on the Council website. A …

❓ FAQ 1147 New 2008-02-24T00:00:00+00:00

What is the purpose of requiring consoles/PCs to become ?locked? after 15 minutes of idle time, per PCI DSS requirement 8.5.15?

The intent of this requirement is to prevent someone from using an unattended console/PC to gain unauthorized access to the user’s computer and accounts, and/or the company’s network. This does …

❓ FAQ 1141 New 2008-02-24T00:00:00+00:00

What are the fines and penalties assessed to companies for non-compliance with the PCI DSS?

Any fines and/or penalties associated with non-compliance with the PCI DSS and/or confirmed security breaches are defined by each of the payment card brands.

For more specific information, please …

❓ FAQ 1134 New 2008-02-24T00:00:00+00:00

Does media containing cardholder data (for example, backup tapes or disks) need to be physically labeled as confidential in order to meet PCI DSS Requirement 9.7.1?

The objective of PCI DSS requirement 9.7.1 ?Classify media so the sensitivity of the data can be determined,? is to ensure that media is controlled and protected against inadvertent or …

Recent FAQ Changes RSS

What is the PCI DSS Self-Assessment Questionnaire?

Who is qualified to perform PA-DSS assessments?

What is the purpose of requiring consoles/PCs to become ?locked? after 15 minutes of idle time, per PCI DSS requirement 8.5.15?

What are the fines and penalties assessed to companies for non-compliance with the PCI DSS?

What are the steps needed to use the Self-assessment Questionnaire (SAQ) to validate compliance with PCI DSS?

Why are there multiple PCI DSS Self-assessment Questionnaires (SAQs)?

What is an Attestation of Compliance?

Does the council have a mapping between PCI DSS and ISO 27002 (formerly ISO 17799) or other standards?

Would older operating systems that are no longer supported by the vendor be deemed non-compliant with the PCI DSS?

Does media containing cardholder data (for example, backup tapes or disks) need to be physically labeled as confidential in order to meet PCI DSS Requirement 9.7.1?